Releases
v1.10
v1.10 - 2021-03-18
Added
insufficient_security_configurability.verification_of_contact_method_not_required
insufficient_security_configurability.weak_two_fa_implementation.two_fa_code_is_not_updated_after_new_code_is_requested
insufficient_security_configurability.weak_two_fa_implementation.old_two_fa_code_is_not_invalidated_after_new_code_is_generated
broken_authentication_and_session_management.weak_login_function.over_http
server_security_misconfiguration.oauth_misconfiguration.account_squatting
Third-party mapping to Secure Code Warrior trainings
automotive_security_misconfiguration.can.injection_battery_management_system
automotive_security_misconfiguration.can.injection_steering_control
automotive_security_misconfiguration.can.injection_pyrotechnical_device_deployment_tool
automotive_security_misconfiguration.can.injection_headlights
automotive_security_misconfiguration.can.injection_sensors
automotive_security_misconfiguration.can.injection_vehicle_anti_theft_systems
automotive_security_misconfiguration.can.injection_powertrain
automotive_security_misconfiguration.can.injection_basic_safety_message
automotive_security_misconfiguration.battery_management_system
automotive_security_misconfiguration.battery_management_system.firmware_dump
automotive_security_misconfiguration.battery_management_system.fraudulent_interface
automotive_security_misconfiguration.gnss_gps
automotive_security_misconfiguration.gnss_gps.spoofing
automotive_security_misconfiguration.immobilizer
automotive_security_misconfiguration.immobilizer.engine_start
automotive_security_misconfiguration.abs
automotive_security_misconfiguration.abs.unintended_acceleration_brake
automotive_security_misconfiguration.rsu
automotive_security_misconfiguration.rsu.sybil_attack
automotive_security_misconfiguration.infotainment_radio_head_unit
automotive_security_misconfiguration.infotainment_radio_head_unit.pii_leakage
automotive_security_misconfiguration.infotainment_radio_head_unit.ota_firmware_manipulation
automotive_security_misconfiguration.infotainment_radio_head_unit.code_execution_can_bus_pivot
automotive_security_misconfiguration.infotainment_radio_head_unit.code_execution_no_can_bus_pivot
automotive_security_misconfiguration.infotainment_radio_head_unit.unauthorized_access_to_services
automotive_security_misconfiguration.infotainment_radio_head_unit.source_code_dump
automotive_security_misconfiguration.infotainment_radio_head_unit.dos_brick
automotive_security_misconfiguration.infotainment_radio_head_unit.default_credentials
Removed
insufficient_security_configurability.lack_of_verification_email
broken_authentication_and_session_management.weak_login_function.https_not_available_or_http_by_default
broken_authentication_and_session_management.weak_login_function.http_and_https_available
broken_authentication_and_session_management.weak_login_function.lan_only
cross_site_request_forgery_csrf.flash_based.high_impact
cross_site_request_forgery_csrf.flash_based.low_impact
automotive_security_misconfiguration.infotainment
automotive_security_misconfiguration.infotainment.pii_leakage
automotive_security_misconfiguration.infotainment.code_execution_can_bus_pivot
automotive_security_misconfiguration.infotainment.code_execution_no_can_bus_pivot
automotive_security_misconfiguration.infotainment.unauthorized_access_to_services
automotive_security_misconfiguration.infotainment.source_code_dump
automotive_security_misconfiguration.infotainment.dos_brick
automotive_security_misconfiguration.infotainment.default_credentials
Changed
server_security_misconfiguration.lack_of_security_headers.cache_control_for_a_non_sensitive_page updated remediation advice
server_security_misconfiguration.lack_of_security_headers.cache_control_for_a_sensitive_page updated remediation advice
cross_site_scripting_xss.flash_based priority changed from P4 to P5
cross_site_request_forgery_csrf.flash_based priority changed from null to P5 (due to children removal)
using_components_with_known_vulnerabilities.rosetta_flash priority changed from P4 to P5